Added AuthenticationException to the commence method signature of the AuthenticationEntryPoint. The best example of this
is the BasicProcessingFilterEntryPoint, where authException.getMessage() is used to send back an informative 401 instead of just the error code. Added AccessDeniedException to the sendAccessDeniedError method signature. The accessDeniedException.getMessage() result is used by default to send an informative 403 error back to the servletResponse.
This commit is contained in:
parent
f43c31c8d4
commit
1949c3b27e
|
@ -15,6 +15,8 @@
|
|||
|
||||
package net.sf.acegisecurity.intercept.web;
|
||||
|
||||
import net.sf.acegisecurity.AuthenticationException;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
@ -34,14 +36,14 @@ public interface AuthenticationEntryPoint {
|
|||
|
||||
/**
|
||||
* Commences an authentication scheme.
|
||||
*
|
||||
*
|
||||
* <P>
|
||||
* <code>SecurityEnforcementFilter</code> will populate the
|
||||
* <code>HttpSession</code> attribute named
|
||||
* <code>AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY</code>
|
||||
* with the requested target URL before calling this method.
|
||||
* </p>
|
||||
*
|
||||
*
|
||||
* <P>
|
||||
* Implementations should modify the headers on the
|
||||
* <code>ServletResponse</code> as necessary to commence the
|
||||
|
@ -50,7 +52,9 @@ public interface AuthenticationEntryPoint {
|
|||
*
|
||||
* @param request that resulted in an <code>AuthenticationException</code>
|
||||
* @param response so that the user agent can begin authentication
|
||||
* @param authException that caused the invocation
|
||||
*/
|
||||
public void commence(ServletRequest request, ServletResponse response)
|
||||
public void commence(ServletRequest request, ServletResponse response,
|
||||
AuthenticationException authException)
|
||||
throws IOException, ServletException;
|
||||
}
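Review bot: The new `@param authException that caused the invocation` tag says nothing about whether the argument may be null, yet in this same commit the CAS and form-login entry-point tests call `commence(request, response, null)` while BasicProcessingFilterEntryPoint dereferences it. The interface should pin the contract one way or the other; since SecurityEnforcementFilter always passes the caught exception, the simplest wording is `* @param authException that caused the invocation; never <code>null</code> when invoked by <code>SecurityEnforcementFilter</code>, but implementations that only redirect may ignore it`. Implementations that echo the message to the user agent should also be told it is not guaranteed to be free of internal detail, e.g. `* Implementations should not assume <code>authException.getMessage()</code> is safe to return to the user agent verbatim.` in the description above the tags.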
|
||||
|
|
|
@ -199,7 +199,7 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
|
||||
((HttpServletRequest) request).getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
|
||||
targetUrl);
|
||||
authenticationEntryPoint.commence(request, response);
|
||||
authenticationEntryPoint.commence(request, response, authentication);
|
||||
} catch (AccessDeniedException accessDenied) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
|
@ -208,7 +208,7 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
|
||||
((HttpServletRequest) request).getSession().setAttribute(ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
|
||||
accessDenied);
|
||||
sendAccessDeniedError(request, response);
|
||||
sendAccessDeniedError(request, response, accessDenied);
|
||||
} catch (Throwable otherException) {
|
||||
throw new ServletException(otherException);
|
||||
}
|
||||
|
@ -221,11 +221,14 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
*
|
||||
* @param request
|
||||
* @param response
|
||||
* @param accessDenied
|
||||
*
|
||||
* @throws IOException
|
||||
*/
|
||||
protected void sendAccessDeniedError(ServletRequest request,
|
||||
ServletResponse response) throws IOException {
|
||||
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN); // 403
|
||||
ServletResponse response, AccessDeniedException accessDenied)
|
||||
throws IOException {
|
||||
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN,
|
||||
accessDenied.getMessage()); // 403
|
||||
}
|
||||
}
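Review bot: In the rewritten `sendAccessDeniedError`, `accessDenied.getMessage()` is now sent to the client as the 403 reason, but the Javadoc directly above it still has empty `@param` tags and does not say that the message is exposed; the message originates in the access-decision layer, so whether it is suitable for an end user (and whether the container's error page escapes it) is outside this filter's control. I would fill in `* @param accessDenied whose message is sent to the client as the 403 reason phrase; override this method if the message may contain internal detail` so subclasses know that overriding is the intended way to suppress it. The two earlier hunks in this file change call sites inside a method that starts outside the hunk.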
|
||||
|
|
|
@ -145,7 +145,6 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
String header = httpRequest.getHeader("Authorization");
|
||||
|
||||
|
@ -182,7 +181,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|||
+ " failed: " + failed.toString());
|
||||
}
|
||||
|
||||
authenticationEntryPoint.commence(request, response);
|
||||
authenticationEntryPoint.commence(request, response, failed);
|
||||
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
/* Copyright 2004 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -15,6 +15,7 @@
|
|||
|
||||
package net.sf.acegisecurity.ui.basicauth;
|
||||
|
||||
import net.sf.acegisecurity.AuthenticationException;
|
||||
import net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
@ -65,11 +66,13 @@ public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint
|
|||
}
|
||||
}
|
||||
|
||||
public void commence(ServletRequest request, ServletResponse response)
|
||||
public void commence(ServletRequest request, ServletResponse response,
|
||||
AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
httpResponse.addHeader("WWW-Authenticate",
|
||||
"Basic realm=\"" + realmName + "\"");
|
||||
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); // 401
|
||||
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
|
||||
authException.getMessage());
|
||||
}
|
||||
}
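Review bot: The new `commence` dereferences `authException` unconditionally in `authException.getMessage()`, but the interface does not state that the argument is non-null and this commit's own tests for the other entry points pass null, so a caller or test doing the same here fails with a NullPointerException before the 401 is written. A guarded form keeps the informative message when present: `httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException != null ? authException.getMessage() : "Unauthorized");`. The message also reaches an unauthenticated user agent verbatim, and the DisabledException used in BasicProcessingFilterEntryPointTests shows it can describe the account state, so a comment such as `// message is returned to the client; keep AuthenticationException messages free of internal detail` belongs above the send. BasicProcessingFilterEntryPointTests currently covers only the non-null case.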
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
|
||||
package net.sf.acegisecurity.ui.cas;
|
||||
|
||||
import net.sf.acegisecurity.AuthenticationException;
|
||||
import net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
@ -88,7 +89,8 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
|
|||
}
|
||||
}
|
||||
|
||||
public void commence(ServletRequest request, ServletResponse response)
|
||||
public void commence(ServletRequest request, ServletResponse response,
|
||||
AuthenticationException authenticationException)
|
||||
throws IOException, ServletException {
|
||||
String url;
|
||||
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
|
||||
package net.sf.acegisecurity.ui.webapp;
|
||||
|
||||
import net.sf.acegisecurity.AuthenticationException;
|
||||
import net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import net.sf.acegisecurity.util.PortMapper;
|
||||
import net.sf.acegisecurity.util.PortMapperImpl;
|
||||
|
@ -133,7 +134,8 @@ public class AuthenticationProcessingFilterEntryPoint
|
|||
}
|
||||
}
|
||||
|
||||
public void commence(ServletRequest request, ServletResponse response)
|
||||
public void commence(ServletRequest request, ServletResponse response,
|
||||
AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
HttpServletRequest req = (HttpServletRequest) request;
|
||||
String scheme = request.getScheme();
|
||||
|
|
|
@ -49,7 +49,8 @@ public class MockAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|||
|
||||
//~ Methods ================================================================
|
||||
|
||||
public void commence(ServletRequest request, ServletResponse response)
|
||||
public void commence(ServletRequest request, ServletResponse response,
|
||||
AuthenticationException authenticationException)
|
||||
throws IOException, ServletException {
|
||||
((HttpServletResponse) response).sendRedirect(((HttpServletRequest) request)
|
||||
.getContextPath() + url);
|
||||
|
|
|
@ -38,6 +38,7 @@ public class MockHttpServletResponse implements HttpServletResponse {
|
|||
//~ Instance fields ========================================================
|
||||
|
||||
private Map headersMap = new HashMap();
|
||||
private String errorMessage;
|
||||
private String redirect;
|
||||
private int error;
|
||||
|
||||
|
@ -79,6 +80,10 @@ public class MockHttpServletResponse implements HttpServletResponse {
|
|||
return this.error;
|
||||
}
|
||||
|
||||
public String getErrorMessage() {
|
||||
return this.errorMessage;
|
||||
}
|
||||
|
||||
public void setHeader(String arg0, String arg1) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
@ -174,7 +179,8 @@ public class MockHttpServletResponse implements HttpServletResponse {
|
|||
}
|
||||
|
||||
public void sendError(int arg0, String arg1) throws IOException {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
this.error = arg0;
|
||||
this.errorMessage = arg1;
|
||||
}
|
||||
|
||||
public void sendError(int arg0) throws IOException {
|
||||
|
|
|
@ -17,6 +17,7 @@ package net.sf.acegisecurity.ui.basicauth;
|
|||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import net.sf.acegisecurity.DisabledException;
|
||||
import net.sf.acegisecurity.MockHttpServletRequest;
|
||||
import net.sf.acegisecurity.MockHttpServletResponse;
|
||||
|
||||
|
@ -74,8 +75,13 @@ public class BasicProcessingFilterEntryPointTests extends TestCase {
|
|||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
ep.afterPropertiesSet();
|
||||
ep.commence(request, response);
|
||||
|
||||
String msg = "These are the jokes kid";
|
||||
ep.commence(request, response, new DisabledException(msg));
|
||||
|
||||
assertEquals(401, response.getError());
|
||||
assertEquals(msg, response.getErrorMessage());
|
||||
|
||||
assertEquals("Basic realm=\"hello\"",
|
||||
response.getHeader("WWW-Authenticate"));
|
||||
}
|
||||
|
|
|
@ -100,7 +100,7 @@ public class CasProcessingFilterEntryPointTests extends TestCase {
|
|||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
ep.afterPropertiesSet();
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
|
||||
assertEquals("https://cas/login?service="
|
||||
+ URLEncoder.encode(
|
||||
|
@ -124,7 +124,7 @@ public class CasProcessingFilterEntryPointTests extends TestCase {
|
|||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
ep.afterPropertiesSet();
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
assertEquals("https://cas/login?renew=true&service=https://mycompany.com/bigWebApp/j_acegi_cas_security_check",
|
||||
response.getRedirect());
|
||||
}
|
||||
|
|
|
@ -117,19 +117,19 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
|
|||
ep.setPortResolver(new MockPortResolver(80, 443));
|
||||
ep.afterPropertiesSet();
|
||||
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
assertEquals("https://www.example.com/bigWebApp/hello",
|
||||
response.getRedirect());
|
||||
|
||||
request.setServerPort(8080);
|
||||
ep.setPortResolver(new MockPortResolver(8080, 8443));
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
assertEquals("https://www.example.com:8443/bigWebApp/hello",
|
||||
response.getRedirect());
|
||||
|
||||
// Now test an unusual custom HTTP:HTTPS is handled properly
|
||||
request.setServerPort(8888);
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
assertEquals("https://www.example.com:8443/bigWebApp/hello",
|
||||
response.getRedirect());
|
||||
|
||||
|
@ -146,7 +146,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
|
|||
ep.setPortResolver(new MockPortResolver(8888, 9999));
|
||||
ep.afterPropertiesSet();
|
||||
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
assertEquals("https://www.example.com:9999/bigWebApp/hello",
|
||||
response.getRedirect());
|
||||
}
|
||||
|
@ -170,13 +170,13 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
|
|||
ep.setPortResolver(new MockPortResolver(80, 443));
|
||||
ep.afterPropertiesSet();
|
||||
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
assertEquals("https://www.example.com/bigWebApp/hello",
|
||||
response.getRedirect());
|
||||
|
||||
request.setServerPort(8443);
|
||||
ep.setPortResolver(new MockPortResolver(8080, 8443));
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
assertEquals("https://www.example.com:8443/bigWebApp/hello",
|
||||
response.getRedirect());
|
||||
}
|
||||
|
@ -199,7 +199,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
|
|||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
ep.afterPropertiesSet();
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
assertEquals("http://www.example.com/bigWebApp/hello",
|
||||
response.getRedirect());
|
||||
}
|
||||
|
@ -224,7 +224,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
|
|||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
ep.afterPropertiesSet();
|
||||
ep.commence(request, response);
|
||||
ep.commence(request, response, null);
|
||||
|
||||
// Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to HTTP port mapping
|
||||
assertEquals("http://www.example.com:8888/bigWebApp/hello",
|
||||
|
|
|
@ -36,8 +36,9 @@
|
|||
<action dev="benalex" type="update">FilterSecurityInterceptor now only executes once per request (improves performance with SiteMesh)</action>
|
||||
<action dev="benalex" type="fix">Contacts sample web.xml no longer expect Log4j to be in classpath</action>
|
||||
<action dev="raykrueger" type="update">JaasAuthenticatinProvider now uses System.property "java.security.auth.login.config"</action>
|
||||
<action dev="raykrueger" type="update">JaasAuthenticationCallbackHandler Authentication is passed to handle method setAuthenticatoin removed</action>
|
||||
<action dev="benalex" type="update">Use static HttpServletResponse.SC_UNAUTHORIZED instead of 401 HTTP response code</action>
|
||||
<action dev="raykrueger" type="update">JaasAuthenticationCallbackHandler Authentication is passed to handle method setAuthentication removed</action>
|
||||
<action dev="raykrueger" type="update">Added AuthenticationException to the AutenticationEntryPoint.commence method signature</action>
|
||||
<action dev="raykrueger" type="update">Added AccessDeniedException to the SecurityEncorcementFilter.sendAccessDeniedError method signature</action>
|
||||
</release>
|
||||
<release version="0.7.0" date="2005-01-16">
|
||||
<action dev="carlossg" type="add">Major CVS repository restructure to support Maven and eliminate libraries</action>
|
||||
|
|
|
@ -9,12 +9,14 @@
|
|||
The following should help most casual users of the project update their
|
||||
applications:
|
||||
|
||||
<ul>
|
||||
<ul>
|
||||
|
||||
<li>The JaasAuthenticationCallbackHandler interface has had it's setAuthentication method removed. The handle method
|
||||
now takes both the Callback and Authentication objects as arguments.</li>
|
||||
<li>The JaasAuthenticationCallbackHandler interface has had it's setAuthentication method removed.
|
||||
The handle method now takes both the Callback and Authentication objects as arguments.</li>
|
||||
<li>Added AuthenticationException to the AutenticationEntryPoint.commence method signature.</li>
|
||||
<li>Added AccessDeniedException to the SecurityEncorcementFilter.sendAccessDeniedError method signature.</li>
|
||||
|
||||
</ul>
|
||||
</ul>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|